Carnegie Mellon researchers show how LLMs can be taught to autonomously plan and execute real-world cyberattacks

In a groundbreaking development, a team of Carnegie Mellon University researchers has demonstrated that large language models (LLMs) are capable of autonomously planning and executing complex network attacks, shedding light on emerging capabilities of foundation models and their implications for Read More …

Preventing Zero-Click AI Threats: Insights from EchoLeak

EchoLeak (CVE-2025-32711) is a newly identified vulnerability in Microsoft 365 Copilot, made more nefarious by its zero-click nature, meaning it requires no user interaction to succeed. It demonstrates how helpful systems can open the door to entirely new forms of Read More …

U.S. companies brace for Israel-Iran cyber spillover

As Israel and Iran exchange airstrikes, cybersecurity experts are warning that a quieter, but still destructive, digital conflict is unfolding behind the scenes. And U.S. companies could soon find themselves in the blast radius. Iran and Israel are home to Read More …

ConnectWise rotating code signing certificates due to security concerns

ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions. In addition to issuing new certificates, ConnectWise Read More …

EU gives staff ‘burner phones, laptops’ for US visits

The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times. The use of clean and locked-down hardware is common practice for anyone visiting China, Russia, Read More …

Why Cloud Misconfigurations Remain A Top Cause Of Data Breaches

It’s 2025, and the industry has built some of the most advanced cloud environments ever seen—automated deployments, real-time threat detection and infrastructure that scales with just a few lines of code. Yet, data breaches aren’t slowing down—why? Because a single Read More …

QR codes sent in attachments are the new favorite for phishers

Recently Malwarebytes Labs researchers have been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site Read More …

Palo Alto Networks gateways facing huge number of possible security attacks

Someone may be getting ready to attack Palo Alto Network devices, security researchers are warning after spotting a rise in activity. Analysts from GreyNoise said they observed a “significant surge” in login scanning activity against the company’s PAN-OS GlobalProtect portals, Read More …

Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection

SonicWall Capture Labs threat research team became aware of the threat CVE-2023-22621, assessed its impact and developed mitigation measures for this vulnerability. CVE-2023-22621 is a high-severity vulnerability affecting Strapi versions 3.0.0 through 4.5.5. The flaw permits authenticated Server-Side Template Injection Read More …

How to tell if your online accounts have been hacked

More and more hackers are targeting regular people with the goal of breaking into their bank accounts, stealing their crypto, or simply stalking them. These types of attacks are still relatively rare, so there’s no need for alarm. But it’s Read More …